Oilrigs 'vulnerable to hacking'

The world's oilrigs are vulnerable to hacking because their security is inadequate, according to SINTEF, an independent research organisation in Scandinavia.

While oil companies have made huge improvements in offshore safety and environmental protection, their efforts to secure important data have been poor, the SINTEF team says.

The group says that the current "integrated operations" model, which uses onshore workers to control processes carried out on the platform via networked PCs, leaves communications open to attack.

According to Science Daily, the team interviewed "key personnel in the petroleum sector" to get a sense of the data protection measures currently in place. The interviewees confirmed "that the number of safety incidents on production systems (platforms) has risen during past few years."

Researchers said that hackers have already made their presence felt on oil platforms.

"The worst-case scenario, of course, is that a hacker will break in and take over control of the whole platform," says SINTEF scientist, Martin Gilje Jaatun. "Luckily, this has not happened yet, but we have heard of a number of incidents that could have turned into something quite dramatic. For example, virus attacks have led to process electronic equipment becoming unstable."

What concerns the team is that there seems to be very little in place to deal with a hack attack should it happen.

"Our interviews have revealed that we lack a short concise plan that would say something about how people should deal with such specific events in their organisations," Jaatun says. "While scenario training is often used by offshore companies to reduce risks, such training is seldom employed in the field of information security.

"Some of our informants also told us that they were not certain that negative occurrences would lead to learning and changes in future behaviour. They were afraid that any such learning would soon be forgotten."